by Henry Ristuccia
Regulated industries, by definition, are accustomed to scrutiny. The investments of time, money and expertise made by financial institutions and life sciences companies, for example, in various forms of compliance procedures is enormous. But the payoff in public trust, stakeholder confidence and prevention of litigation and fines is equally large.
Increasingly, the frontline of management and stakeholder scrutiny is in the area of reputational risk, an advancing force in the hierarchy of key strategic and operational concerns—a business risk taking its place right alongside reporting soundness, product quality, anti-corruption initiatives and competitive threats. In fact, we all regularly see how large, respected companies come under fire in the popular media for poor or inadequate handling of product failures, service changes, new fee requirements and a wide variety of other compliance and marketplace-oriented issues. The greater the name recognition, it seems the greater the potential for reputational damage when problems occur.
Reputation as performance indicator
Why is reputation management so important today? Because senior executives and boards know that a company’s reputation can be a make-or-break attribute of the organization and therefore a major performance indicator. How well reputation is regarded—or even perceived—by key stakeholders can have immediate and far-reaching impact on the organization’s overall success:
- For customers, reputation can increase or negatively impact sales;
- For potential recruits, it can attract or discourage employment interest;
- For prospective shareholders and business partners, it can entice or repel investment;
- For regulators, it can signal effective compliance or raise a red flag.
In a business world focused on tearing down barriers, building competitiveness and staying interconnected 24/7 with key constituencies, it is no surprise that maintaining an untarnished reputation is an essential part of success.
Conventional approaches often don’t work
Generally, conventional risk management techniques are not adequate for countering today’s most important business risks—including reputational risk—because conventional approaches tend to focus on risk avoidance and on taking what we call an inside-out perspective on marketplace threats.
At Deloitte, we suggest a Risk Intelligent approach. Risk Intelligence is a highly inclusive and multidimensional way of realistically operating in dynamic times. It acknowledges that shifts can happen—and happen fast, including events that can support or destroy reputation. As Warren Buffet once said, “It takes 20 years to build a reputation and five minutes to ruin it.”
Too much internal focus can disable a company’s ability to be suitably in tune with critical marketplace developments. Applying bolt-on solutions after the damage is done is often no longer good enough. The watch phrase should be: expect the unexpected, and help ensure your organization is as prepared as it can get for meeting whatever challenges the “unforeseen” may present.
It takes both creative and disciplined planning to structure a risk management program that responds to an uncertain world by both protecting and creating reputational value. A Risk Intelligent approach can do this far better than conventional approaches, because it can surface both value-killer risks and game-changing opportunities—both required today to get ahead and stay ahead.
3 steps compliance executives can take
Compliance professionals in global organizations face a multitude of complex regulatory, jurisdictional and marketplace challenges, but taking a Risk Intelligent approach provides three important and relatively accessible ways that they can quickly enhance their contribution to and impact on reputational risk issues:
- Take what we call an outside-in perspective, identifying key drivers of the enterprise reputation from the vantage point of outside observers—many of whom are vital constituents for regulated industries, such as government authorities, analysts, legislators and investors.
- Connect to and align with company strategy. This means understanding the broader business context in which you do business. For instance, it requires development of a fuller understanding of your organization’s fundamental business strategy, including how your compliance activities tie to and support company strategy, and how meeting regulatory requirements fit in with building public trust and stakeholder confidence.
This process definitely includes protecting what you already have but also introduces new dimensions for proactively burnishing a desired brand image by raising awareness of outside threats and improving opportunities for business units and functions to address them in a timely, if not cutting-edge, way.
A Risk Intelligent approach suggests, for example, that managing reputational risk might begin with challenging your organization’s more closely held assumptions about what makes and keeps the enterprise reputation strong.
- Incorporate compliance into the overall risk management program. This also relates to understanding the broader context of compliance activities, such as exploring the essence of laws and regulations and responding to the protections they are designed to support. Making compliance part of the larger risk initiative also requires bridging silos, so that compliance isn’t just heads-down on check-the-box details.
While it is true that a comprehensive reputation risk management program employs a wide variety of sophisticated tools and processes, such as benchmarking, scorecards and new media measurement, the three steps cited above can help jump-start compliance readiness and pave the way for appropriate and effective involvement by compliance executives in supporting corporate reputational risk management programs.